The Cybersecurity and Infrastructure Security Agency (CISA) this week directed federal civilian agencies to eliminate any public-facing interfaces to network management systems and devices to prevent access to these systems by bad actors.
The June 13 Binding Operational Directive (BOD) (23-02) says that as agencies have strengthened the detection of threats on endpoints, “threat actors have adjusted tactics to evade these protections by targeting network devices supporting the underlying network infrastructure.” That infrastructure, which includes components and technologies such as routers, switches, firewalls, Hypertext Transfer Protocol, File Transfer Protocol, and others, is meant to be accessed by authorized users for “administrative activities” and not the public, CISA says.
Agencies have two weeks to remove the network management interfaces from the internet or deploy capabilities that limit access control to the interface. CISA said it will scan for devices and interfaces covered under the BOD, provide remediation plans for agencies out of compliance, and review and update the directive within two years.